[ovs-dev] [PATCH 2/2] meta-flow: Don't allow negative port numbers.
Justin Pettit
jpettit at nicira.com
Fri Dec 14 00:28:31 UTC 2012
If a negative number is supplied, the parsing code used to convert it
into a signed one. We ran into an incident where a third-party script
was attempting to get the OpenFlow port number for an interface, but got
-1 from the database, since the number had not yet been assigned. This
was converted to 65535, which maps to OFPP_NONE and all flows with
ingress port OFPP_NONE were modified. This commit disallows negative
port numbers to help prevent broken integration scripts from disturbing
the flow table.
Issue #14036
Signed-off-by: Justin Pettit <jpettit at nicira.com>
---
lib/meta-flow.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index 749898f..27f3904 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -2087,7 +2087,10 @@ mf_from_ofp_port_string(const struct mf_field *mf, const char *s,
uint16_t port;
assert(mf->n_bytes == sizeof(ovs_be16));
- if (ofputil_port_from_string(s, &port)) {
+ if (*s == '-') {
+ return xasprintf("%s: negative values not supported for %s",
+ s, mf->name);
+ } else if (ofputil_port_from_string(s, &port)) {
*valuep = htons(port);
*maskp = htons(UINT16_MAX);
return NULL;
--
1.7.5.4
More information about the dev
mailing list